Health Insurer Excellus BlueCross BlueShield Hacked, 10 Million Accounts Exposed

In yet another security breach affecting the healthcare industry, personal information belonging to more than 10 million individuals may have been compromised by hackers, according to Excellus BlueCross BlueShield. The healthcare provider said it learned of the "sophisticated attack" on August 5, 2015.

The insurer's own investigation revealed that the initial attack occurred on December 23, 2013. Excellus also notified the Federal Bureau of Investigation (FBI) and is working closely with Mandiant, an American cybersecurity firm owned by FireEye. Mandiant provides incident response and security assessment service to help organizations detect, prevent ,and respond to these kinds of cyberattacks.


It's not yet known if the attackers stole personal information as part of the breach, though Excellus did confirm that they gained unauthorized access to personal information of around 7 million people, many of which are located in upstate New York. The information accessed could include name, date of birth, Social Security number, mailing address, telephone number, member identification number, financial account number, and claims information.

"We sincerely regret any concern this may cause," said Christopher Booth, the corporation's CEO. "We are providing free credit monitoring and identity theft protection to you for peace of mind. We also pledge to take additional steps to strengthen and enhance security to help avoid having something like this happen again."

The attack also compromised records belonging to an additional 3.5 million people who go through affiliated Lifetime Healthcare Companies.